This morning Microsoft issued an out of band security bulletin rated Critical which impacts Microsoft Hyper-V virtualized environments (and their respective running VMs) hosted on a Windows platform running any version of Internet Explorer. The critical vulnerability is Remote Code Execution. The bulletin advises that a reboot of the host may be required, which is Microsoft lingo for “you can count on a reboot”, they just don’t want to be nailed down to saying as such. With some companies in their official year end freeze period where no changes other than emergency are allowed, there is no doubt this vulnerability comes at an inconvenient time leaving many IT skeleton crews scrambling.
VMware ESX/ESXi hosts are not directly impacted by the vulnerability and may continue running business as usual. Those who are running VMware VirtualCenter on Microsoft Windows will likely require a reboot of the Windows host, however, this does not impact running VMs or ESX/ESXi hosts.
You’re a retard.
I agree with Matt. Nice site though and Happy Holidays!
I can’t argue with brilliance.
This is just a bunch of FUD. Internet Explorer is not even part of Windows 2008 Server Core. Look, I love VMware and preach to my customers about using it. But, just get your facts straight before posting things like this. If your goal is to create a panic with Windows Hyper-V customers, then I guess your goal has been achieved.
@Anonymous
We’re on the same page – I want nothing more than the facts.
The blog post specifically spoke to Hyper-V running on Windows with any version of Internet Explorer. This could imply Standard or Enterprise editions of Windows Server 2008, but the key fact is that we’re running Windows Server 2008 with any version of IE. Period. You chose to arbitrarily remove IE from the equation, implying server core, and thus changing the scope of the Microsoft patch impact and the scope of my blog post.
Your selective reading and/or comprehension skills have failed you.
Jeeze – it is the truth. No reason to get all up tight about it.
My guess is that if you’re a small enough shop to run hyper-v on a non-core installation of 08, you’re going to be able to ignore this bulletin until a more convenient time.
Guys, Server Core has parts of IE embedded in it for things like Automoatic Updates. While I haven’t checked yet, it is definately possible that this critical update is required for a Server Core and also Hyper-V Server installation